Listing of Claims: 

1-64. (canceled) 

65. (previously presented): A method for mobile internet protocol (IP) route 
optimization comprising: 

forwarding a datagram from a correspondent node to a mobile node using a 
shortest path between the mobile node and the correspondent node, wherein the mobile node is in 
a mobile IP visiting network having a mobile IP protocol, and wherein the correspondent node is 
unaware of the mobile IP protocol. 

66. (previously presented): The method of claim 65, further comprising: 

registering the mobile node with the mobile IP visiting network; and 
adding a route entry to a routing table in a mobile IP foreign agent. 

67. (previously presented): The method of claim 66, further comprising: 

removing the route entry from the routing table when the registered mobile node 
de-registers or times out. 

68. (previously presented): The method of claim 66, wherein the route entry comprises: 

a destination address comprising an address for a home network of the mobile 
node; 

a nexthop value comprising a local interface to which the mobile node is attached; 
and 

a routing cost comprising a value lower than all other routes available to the 
mobile node. 

69. (previously presented): The method of claim 68, further comprising: 

routing the datagram based on the destination address. 

70. (previously presented): The method of claim 69, wherein routing the datagram 
comprises using a routing protocol comprising one of Open Shortest Path First (OSPF), and 
Border Gateway Protocol (BGP). 

71. (previously presented): The method of claim 66, wherein the route entry comprises: 

a source address comprising an address of the mobile node; 
a destination address comprising a set of subnetworks in a vicinity of the mobile 
IP foreign agent; and 

a nexthop value comprising a local interface of the mobile IP foreign agent. 

72. (previously presented): The method of claim 71, wherein routing the datagram 
comprises performing source-restricted destination address routing. 

73. (previously presented): The method of claim 72, wherein a route of the datagram is 
not propagated to a router using a routing protocol. 

74. (previously presented): The method of claim 66, further comprising: 

performing dynamic Network Address Translation (NAT) for a second datagram 
sent from the mobile node to a second correspondent node, wherein the second correspondent 
node is part of the mobile IP visiting network. 

75. (previously presented): The method of claim 74, further comprising: 

indexing a state in a state table using a mobile node home network address and a 
link layer address. 

76. (previously presented): The method of claim 75, further comprising: 

accepting the state from the state table when the mobile node has a valid 
registration. 

77. (previously presented): The method of claim 75, further comprising: 

denying the state from the state table when the mobile node does not have a valid 
registration. 

78. (previously presented): The method of claim 75, wherein indexing the state in the 
state table comprises indexing by the link layer type with which the mobile node attaches to the 
mobile IP foreign agent. 

79. (previously presented): The method of claim 66, further comprising: 

distributing static routes and filters for the mobile node to the mobile IP foreign 
agent. 

80. (previously presented): The method of claim 79, wherein distributing static routes 
and filters occurs at a time of configuration. 

81. (previously presented): The method of claim 79, wherein distributing static routes 
and filters occurs at a time of registering the mobile node. 

82. (previously presented): The method of claim 79, wherein distributing static routes 
and filters occurs as part of a DIAMETER response from a home agent to the foreign agent. 

83. (previously presented): The method of claim 79, further comprising: 

tying the filters to a mobile node home network address and a home agent 
address. 

84. (previously presented): The method of claim 83, further comprising: 

applying the filters to traffic sent from the mobile node on a local subnet when the 
mobile node has a valid registration. 

85. (previously presented): The method of claim 83, further comprising: 

blocking the filters when the mobile node does not have a valid registration. 

86. (previously presented): The method of claim 66, further comprising: 

allocating a care-of address to the mobile node using a dynamic host 
configuration procedure. 

87. (previously presented): The method of claim 86, further comprising: 

applying the care-of address as a source address to a virtual interface adapter in 
the mobile node; and 

using the virtual interface adapter for traffic to destinations within the mobile IP 
visiting network. 

88. (previously presented): The method of claim 87, further comprising: 

enabling the virtual interface adapter at a time of registering the mobile node. 

89. (previously presented): The method of claim 87, further comprising: 

disabling the virtual interface adapter at one of a time when a registration of the 
mobile node is no longer valid, and a time when the mobile node moves to a new mobile IP 
visiting network. 

90. (previously presented): The method of claim 81, further comprising: 

giving a home agent tunnel a lower routing cost as nexthop compared to local IP 
connectivity for the static routes. 

91. (previously presented): The method of claim 90, wherein registering the mobile 
node with the mobile IP visiting network involves a dynamic host configuration procedure in a 
home network. 

92. (previously presented): The method of claim 91, wherein distributing the static 
routes comprises including the static routes as an extension in a mobile IP registration reply 
message as part of the dynamic host configuration procedure. 

93. (previously presented): The method of claim 92, further comprising: 

giving local IP connectivity a lower routing cost as nexthop compared to a home 
agent tunnel for static routes distributed as part of the dynamic host configuration procedure. 

94. (previously presented): The method of claim 86, further comprising: 

applying filter rules at the mobile node for traffic being sent and received with 
local IP connectivity and a home agent tunnel respectively. 

95. (previously presented): The method of claim 94, wherein the filter rules are 
distributed to the mobile node at a time of configuration. 

96. (previously presented): The method of claim 94, wherein the filter rules are 
distributed to the mobile node at a time of registering the mobile node. 

97. (previously presented): The method of claim 96, wherein the filter rules are 
distributed as an extension in a mobile IP registration reply message. 

98. (previously presented): The method of claim 66, further comprising: 

applying a selective reverse tunneling scheme between a home agent tunnel and 
local IP connectivity using a routing prefix and a routing cost. 

99. (previously presented): The method of claim 98, further comprising: 

giving a lower routing cost to a home agent tunnel route as nexthop compared to 
local IP connectivity when private address realms for the visiting network and the home network 
overlap. 

100. (previously presented): The method of claim 98, further comprising: 

giving a lower routing cost to a home agent tunnel route as nexthop compared to 
local IP connectivity for a route to the Internet. 

101. (previously presented): The method of claim 98, further comprising: 

giving a lower routing cost to local IP connectivity as nexthop compared to a 
home agent tunnel route for a route to a same subnetwork as the mobile node. 

102. (previously presented): The method of claim 98, further comprising: 

giving a lower routing cost to a home agent tunnel route as nexthop compared to 
local IP connectivity for a route to a home network. 

103. (previously presented): The method of claim 66, further comprising: 

hosting a home network of the mobile node using a plurality of home agents, the 
home agents having a same home agent IP address. 

104. (previously presented): The method of claim 103, further comprising: 

dispatching a plurality of messages among the home agents using a load balancer. 

105. (previously presented): The method of claim 104, further comprising: 

retrieving data about a mobile node user at a time of registering the mobile node 
from at least one of a common AAA server, and an LDAP directory. 

106. (previously presented): The method of claim 103, further comprising: 

sending a message from a one of the plurality of home agents to a care-of address 
using a direct server return method. 

107. (previously presented): The method of claim 106, further comprising: 

sending a routing update related to availability of the mobile node to a router. 

108. (previously presented): The method of claim 104, further comprising: 

sending an ICMP destination unreachable message from the load balancer to a 
tunnel decapsulator when an assigned home agent fails; and 

reporting a tunnel soft state as network unreachable when a foreign agent is the 
tunnel decapsulator. 

109. (previously presented): The method of claim 108, further comprising: 

sending a new registration to the same home agent IP address upon receipt of the 
ICMP destination unreachable message. 

110. (previously presented): The method of claim 109, further comprising: 

confirming that a one of the plurality of home agents is alive before allocating a 
registration request to the one of the plurality of home agents. 

111. (previously presented): The method of claim 109, further comprising: 

allocating a new home agent for the mobile node. 

112. (previously presented): The method of claim 109, wherein a first home agent acts 
as a primary agent and a second home agent acts as a secondary agent for the same home agent 
IP address. 

113. (previously presented): The method of claim 66, further comprising: 

using a care-of address which resides behind a network address translation; 

rejecting a first registration request from the mobile node when a source address 
in a header of the first registration request is different from a care-of address within the first 
registration request; and 

sending a challenge. 

114. (previously presented): The method of claim 113, further comprising: 

responding to the challenge with a second registration request. 

115. (previously presented): The method of claim 114, further comprising: 

using the source address of a registration request as the destination address for 
encapsulated datagrams sent to the care-of address. 

116. (previously presented): The method of claim 115, further comprising: 

using a source address of a reply to a registration request as the source address for 
encapsulated datagrams sent to a home agent. 

117. (previously presented): The method of claim 113, further comprising: 

performing address masquerading using a port translation; and 
tunneling a payload datagram from the care-of address to a home agent using 
UDP between an inner IP header and an outer IP header. 

118. (previously presented): The method of claim 66, further comprising: 

establishing a plurality of mobile IP security associations between the mobile 
node, a home agent, and a foreign agent using public key certificates; and 

signing the public key certificates using a mobile service manager. 

119. (previously presented): The method of claim 118, further comprising: 

configuring the foreign agent with one of the public key certificates and a public 
key certificate of the mobile service manager; 

configuring the home agent with one of the public key certificates and the public 
key certificate of the mobile service manager; and 

configuring the mobile node with one of the public key certificates, the public key 
certificate of the mobile service manager, and the public key certificate of the home agent. 

120. (previously presented): The method of claim 119, further comprising: 

including the public key certificate of the mobile node as a mobile IP extension in 
a registration request message; 

including the public key certificate of the foreign agent as a mobile IP extension 
in the registration request message; and 

including the public key certificate of the home agent and the public key 
certificate of the foreign agent in a registration reply message. 

121. (previously presented): The method of claim 120, further comprising: 

verifying a signature of one of the public key certificates using the mobile service 
manager. 

122. (previously presented): The method of claim 121, further comprising: 

matching a received certificate to a certificate revocation list provided by the 
mobile service manager at a time of configuration. 

123. (previously presented): The method of claim 122, further comprising: 

validating the public key certificate of the foreign agent on behalf of the mobile 
node; and 

sending a signed version of the public key certificate of the foreign agent to the 
mobile node in a registration reply message. 

124. (previously presented): The method of claim 122, further comprising: 

applying a public key of the received certificate to an authenticator in a mobile IP 
authentication extension. 

125. (previously presented): The method of claim 124, further comprising: 

applying a public key of the public key certificate of the foreign agent to the 
authenticator in the mobile IP authentication extension. 

126. (previously presented): The method of claim 124, further comprising: 

establishing a Security Parameter Index (SPI) equal to a predetermined integer 
larger than 255 between a pair of nodes when authentication is successful. 

127. (previously presented): The method of claim 126, further comprising: 

establishing one of IP security, and transport layer security using a same X.509 
certificate among the mobile node, the foreign agent, and the home agent. 

128. (previously presented): The method of claim 125, further comprising: 

accessing one or more servers in a home network and a visiting network using 
respectively the home agent and foreign agent as security proxies. 